Sandboxie Support

Is there a combination of settings that I can use to allow programs with internet access, installed in a sandbox, full file access to all of the C: drive except the system folders? I want the sandboxed programs to be able to move large files to non-system folders on the C: drive - but I also want to make sure that any accidentally downloaded malware has no access to the system folders.

I thought this would be a common configuration, but I can't find anything about it when looking at docs and searching the forums.

I have tried using sandbox settings for full access to C:\ and then setting the system folders to readonly access - (not sure if that's even a valid config) - but then my Sandboxie desktop shortcuts cannot launch the sandboxed programs... ("not found" messages).

Thanks,
CBruce

Hello CBruce,

Maybe something like this will help:
viewtopic.php?p=30824#p30824
viewtopic.php?p=126368#p126368

Regarding copying files:
https://www.sandboxie.com/CopyLimitKb

Also, you may want to look at the internet access restrictions:
https://www.sandboxie.com/RestrictionsSettings#internet

Regards,
Barb.-

I really would NOT recommend doing it but in my test with notepad and trying to save files in various folders these seem to be what you want.

OpenPipePath=C:\
ReadFilePath=C:\Boot
ReadFilePath=C:\Program Files
ReadFilePath=C:\Windows

That still doesn't cover other sandbox folders either if the container folders are set up for C:\ as well (like default) so things running in the one with those rules could modify files in those other sandboxes as well.

Doing it this way will also interfere with some normal operations such as if you then try to install a new program into the sandbox and install it to Program Files, it won't be able to create the files and it would fail.

On another note, I did not see any issues using 'Run Sandboxed' from desktop shortcuts as you mentioned after opening all of C:\ unless the program existed only inside the sandbox. Yet another reason to not attempt it that way I suppose.

You'd be much better off poking holes for just a few specific locations (say those user folders you move the files to) instead of opening up the whole drive and then trying to re-protect certain things.